Originally Posted by
ckpeter
AwardWallet has a feature that logs into your site accounts for you automatically. Very handy. I use it often when I don't want to fuss with all the clicking.
Originally Posted by
CPRich
You click on the account name in AW and it automatically logs you in. Not knowing the id/pwd isn't all that meaningful if you can get to the account anyway.
Perhaps that feature too should be more secure. I only use AW to monitor the balances.
But I see no reason why AW should allow you to view your already entered password details in plain text. That means if your AW account is compromised (whether through brute force, known password, etc) ALL your FF account details are also compromised.
This time it may have only been 250 AW accounts (compromising possibly thousands of FF accounts), next time it could be all AW accounts and who knows how many FF accounts.